Why does NFC enabled android phone's RFID changing?

Question

I am trying to build a NFC enabled smart door using an NFC enabled android phone as a keycard. I am using a NodeMcu and RC522 NFC reader. The code below works fine for reading a Classic RFID card. When i read a phone's RFID the phone's RFID keeps changing.

1. Why does the RFID of the phone keep changes?

2. If this is not preventable can i send a message such as 'hello world' from the android phone to RC522 using NFC?

   #include <SPI.h>                          //SPI kütüphanemizi tanımlıyoruz.
   #include <MFRC522.h>                      //MFRC522 kütüphanemizi tanımlıyoruz.
   #include <LiquidCrystal.h>
   
   LiquidCrystal lcd(7, 6, 5, 4, 3, 2);
   int RST_PIN = 9;                          //RC522 modülü reset pinini tanımlıyoruz.
   int SS_PIN = 10;                          //RC522 modülü chip select pinini tanımlıyoruz.
   int buzzerPin = 8;                         //Buzzer motor pinini tanımlıyoruz.
   MFRC522 rfid(SS_PIN, RST_PIN);            //RC522 modülü ayarlarını yapıyoruz.
   
   
   void setup() { 
     Serial.begin(9600);                     //Seri haberleşmeyi başlatıyoruz.
     SPI.begin();                            //SPI iletişimini başlatıyoruz.
     rfid.PCD_Init();                        //RC522 modülünü başlatıyoruz.
     pinMode(buzzerPin,OUTPUT);
     lcd.begin(16, 2);
     lcd.print("CARD READER!");
   }
   
   void array_to_string(byte array[], unsigned int len, char buffer[])
   {
      for (unsigned int i = 0; i < len; i++)
      {
         byte nib1 = (array[i] >> 4) & 0x0F;
         byte nib2 = (array[i] >> 0) & 0x0F;
         buffer[i*2+0] = nib1  < 0xA ? '0' + nib1  : 'A' + nib1  - 0xA;
         buffer[i*2+1] = nib2  < 0xA ? '0' + nib2  : 'A' + nib2  - 0xA;
      }
      buffer[len*2] = '\0';
   }
   
   void loop() {
   
     if ( ! rfid.PICC_IsNewCardPresent())    //Yeni kartın okunmasını bekliyoruz.
       return;
   
     if ( ! rfid.PICC_ReadCardSerial())      //Kart okunmadığı zaman bekliyoruz.
       return;
   
      char cardInput[32] = "";
        rfid.PICC_DumpDetailsToSerial(&(rfid.uid)); //dump some details about the card
   
      array_to_string(rfid.uid.uidByte, 4, cardInput); //Insert (byte array, length, char array for output)
   
         printCardToScreen(cardInput);
         lcd.setCursor(0,0);
         lcd.print("            ");
         lcd.setCursor(0,0);
         lcd.print(cardInput);  
         digitalWrite(buzzerPin,HIGH);
         delay(1000);
         digitalWrite(buzzerPin,LOW);
         delay(5000);
         lcd.print("            ");
         lcd.setCursor(0,0);
         lcd.print("CARD READER!");
      rfid.PICC_HaltA();
   }
   void printCardToScreen(String cardInput){
     Serial.print("ID Numarasi: ");
     Serial.print(cardInput);
     Serial.print(" ");
   
     Serial.println("");
   }
   

Answer 1

It's a very bad idea to use the RFID UID for any security application as it's not guaranteed to Unique especially as you seem to be looking for a 4 byte UID.

A lot of card types have moved to a 7 byte UID as there are not enough combinations in 4 bytes. Some card types the UID is user programmable and for some card types like a Mifare Classic type card where the UID is supposed to be programmed at the factory there are Chinese clones that allow the UID to be changed.
With an emulated card which is what the Android phone is doing the UID returned can be easily programmed to any value.

The UID is only designed to help differentiate one card from another when multiple are in range of the reader at the same time, therefore it just need to be likely that multiple cards have different UID's which a random number from a phone is highly likely to achieve. Even then the consequences are small of 2 UID's being the same, it is just a failed card read.

This bring me on to why the default changes the UID, this is probably a privacy feature so it cannot used to to track a phone as NFC is consider a non dangerous facility that other types of protection are not required.

A better way for security applications is to use cryptography of data stored on the cards memory (or emulated cards memory) to use for identification.